The present invention relates to the field of cryptography.
In the field of cryptography, there is a large use of symmetric algorithms, such as the algorithm known as AES (Advanced Encryption Standard—see Federal Information Processing Standards Publication 197 issued by the U.S. National Institute of Standards and Technology at http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf). A symmetric encryption/decryption uses a key to encrypt a message (sometimes referred to as “plaintext”) and uses the same key to decrypt the encrypted message (sometimes referred to as “ciphertext”). A symmetric encryption/decryption algorithm, such as AES, takes a set of two inputs of given and fixed sizes: key and message. However, in practice it is necessary to be able to encrypt larger elements than the fixed size for the message, and various modes of encryption have been designed to allow for encryption/decryption of large messages such as a stream of content (e.g., a movie or song, etc.). There are several known modes of encryption/decryption, including the ECB mode and the CBC mode and counter (CTR) mode. The present description primarily relates to the counter mode of operation.
FIGS. 1A and 1B respectively show how encryption and decryption are performed in the counter mode of operation. A block cipher, such as the AES algorithm, is used to encrypt a seed (such as a nonce) with a given key, and the result of the encryption is XORed (exclusive OR operation) with the original message (referred to as “plaintext” in FIG. 1A) to produce the encrypted value for this block of plaintext. The seed is then updated (by a counter value) before each next encryption in which the updated seed (also referred to as an updated nonce encrypted with the key and the result is XORed with the next block of plaintext. The method repeats for each block of plaintext in the stream of plaintext. In an implementation using AES in the counter mode of operation, a 16 byte (B) buffer (the current nonce) is encrypted using the AES algorithm (which is a block cipher algorithm) and a key, and the encrypted buffer is then XORed to a 16B block of plaintext to produce a 16B block of ciphertext. This process is repeated for all of the 16B plaintext blocks to get all of the 16B ciphertext blocks. The counter mode for decryption is shown in FIG. 1B and involves the same operations done in encryption in that a nonce is encrypted with the key and the result is XORed, but in the case of decryption the result is XORed with a block of ciphertext, and the decryption process is repeated for each block of ciphertext. The decryption process requires the use of the key and the starting nonce, which can be updated by a counter value for each block. Thus, the decryption process potentially exposes the key and the nonce to an attacker who can attempt to steal the key for unauthorized uses of the content. Thus, there is a need to protect the key.